Jump to content

Login problem


miligraf

Recommended Posts

firs of all, whats the best way to protect a folder? only PHP or PHP and MySQL or is there a better way? (ive tried htaccess but it doesnt protect the entire folder, just a file).

now, with the problem...ive been trying to make this code to work, its from [a href=\"http://zulumonkey.org/?id=tutorials&page=comment&oid=228\" target=\"_blank\"]http://zulumonkey.org/?id=tutorials&page=comment&oid=228[/a] :

i get these warnings: Warning: session_start(): Cannot send session cookie - headers already sent by...Warning: session_start(): Cannot send session cache limiter - headers already sent...

also, if you know the URL of the file i want to protect...you can access it.

login.php
[code]<table width="315" height="199" border="0">
<tr>
<td><form name="form1" method="post" action="check.php">
<table width="407" border="0">
<tr>
<td width="105">Username:</td>
<td width="194"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="text" id="password"></td>
</tr>
</table>
<br>
<input type="submit" name="Submit" value="Login">
</form>
</td>
</tr>
</table>[/code]

check.php
[code]<?php
$a_username = ""; // Admin username
$a_password = ""; //Admin password

if($username == $a_username && $password == $a_password){
session_start();
echo "Congratulations " . $_POST['username'] . "<br>You may now proceed to the <a href="admin.php">admin area</a>!";
}

else {
echo "Username " . $_POST['username'] . " or password " . $_POST['password'] . " is incorrect, please try again"; }
?>[/code]

admin.php
[code]<?php
if(session_start()){ ?>
This is the admin area
Add content in this section
<?php
}
elseif(!session_start()){
echo "Not logged in, please log in";
}
?>[/code]

thx!!!
Link to comment
Share on other sites

[!--quoteo(post=387956:date=Jun 26 2006, 08:34 AM:name=miligraf)--][div class=\'quotetop\']QUOTE(miligraf @ Jun 26 2006, 08:34 AM) [snapback]387956[/snapback][/div][div class=\'quotemain\'][!--quotec--]
firs of all, whats the best way to protect a folder? only PHP or PHP and MySQL or is there a better way? (ive tried htaccess but it doesnt protect the entire folder, just a file).

now, with the problem...ive been trying to make this code to work, its from [a href=\"http://zulumonkey.org/?id=tutorials&page=comment&oid=228\" target=\"_blank\"]http://zulumonkey.org/?id=tutorials&page=comment&oid=228[/a] :

i get these warnings: Warning: session_start(): Cannot send session cookie - headers already sent by...Warning: session_start(): Cannot send session cache limiter - headers already sent...

also, if you know the URL of the file i want to protect...you can access it.

login.php
[code]<table width="315" height="199" border="0">
<tr>
<td><form name="form1" method="post" action="check.php">
<table width="407" border="0">
<tr>
<td width="105">Username:</td>
<td width="194"><input name="username" type="text" id="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="text" id="password"></td>
</tr>
</table>
<br>
<input type="submit" name="Submit" value="Login">
</form>
</td>
</tr>
</table>[/code]

check.php
[code]<?php
$a_username = ""; // Admin username
$a_password = ""; //Admin password

if($username == $a_username && $password == $a_password){
session_start();
echo "Congratulations " . $_POST['username'] . "<br>You may now proceed to the <a href="admin.php">admin area</a>!";
}

else {
echo "Username " . $_POST['username'] . " or password " . $_POST['password'] . " is incorrect, please try again"; }
?>[/code]

admin.php
[code]<?php
if(session_start()){ ?>
This is the admin area
Add content in this section
<?php
}
elseif(!session_start()){
echo "Not logged in, please log in";
}
?>[/code]

thx!!!
[/quote]


Hi,

Your session_start() must be the first thing sent in you php code otherwise you get the error that you stated.
This has to appear at the top of every php page wanting to use one of your session vars.

[code]
<?php
session_start();

// Rest of your code.

?>
[/code]
Link to comment
Share on other sites

[!--quoteo(post=388148:date=Jun 26 2006, 12:57 PM:name=miligraf)--][div class=\'quotetop\']QUOTE(miligraf @ Jun 26 2006, 12:57 PM) [snapback]388148[/snapback][/div][div class=\'quotemain\'][!--quotec--]
thanks, it works now. but if i know the exact URL where the admin.php is located, i can access it...its supposed to say: Not logged in, please log in. ive deleted cookies for this but i still can do it.
[/quote]
[code]$var=$_SESSION['var'];
if($var != ''){

//rest of code
}else{

echo "Please Reloging";
}[/code]
Link to comment
Share on other sites

I have a similiar script and I solved that problem a different way.

In my login function I added this to the successful login part:

session_register('$logged_in');
$_SESSION['logged_in'] = 1;

Then on my admin.php page I added this:

if(!isset($_SESSION['logged_in'])) {
echo "Sorry Please Login";
}
else {
echo "Success";
}
Link to comment
Share on other sites

[!--quoteo(post=388175:date=Jun 26 2006, 03:17 PM:name=miligraf)--][div class=\'quotetop\']QUOTE(miligraf @ Jun 26 2006, 03:17 PM) [snapback]388175[/snapback][/div][div class=\'quotemain\'][!--quotec--]
its half workin lol, i cant access the admin section if i know the URL but even if i login i cant access it.

is htaccess better than PHP to protect files?
[/quote]

The best way I have found to protect files is mysql. If a file has an offball name such as 1423563467.php and only sql has an id number for it, sql can get to it way quicker than any bored "hacker". Also fill you files with if/else statements. Such as the ones legohead6 and adamwhiles provided.

The reason that you admin page isnt working depends on your validation method. I have just started getting into these script ideas myself. Are you using MySQL, txt file or cookie, something like that?
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.